I don't know what's going on with the messages, but you could try stopping the server and clearing the syscheck database for that agent.
On Mon, May 17, 2010 at 9:19 AM, Adi CHIRU <[email protected]> wrote:
> Hi guys,
>
> I have some problems with ossec syscheck as it seems it does not catch all the events that happen in a directory configured to be monitored in real-time. To find out what is going wrong I was watching the logs and found the below errors for which I could not find a relevant discussion/solution with google.
>
> Can you please help?
>
> 2010/05/17 12:29:35 ossec-logcollector: INFO: Started (pid: 11462).
> 2010/05/17 12:30:06 ossec-syscheckd: INFO: Starting syscheck database (pre-scan).
> 2010/05/17 12:31:40 ossec-syscheckd: INFO: Finished creating syscheck database (pre-scan completed).
> 2010/05/17 12:33:40 ossec-syscheckd: INFO: Starting syscheck scan (forwarding database).
> 2010/05/17 12:34:12 ossec-analysisd(1755): ERROR: Invalid syscheck message received.
> 2010/05/17 12:34:16 ossec-analysisd(1755): ERROR: Invalid syscheck message received.
> 2010/05/17 12:34:16 ossec-analysisd(1755): ERROR: Invalid syscheck message received.
> 2010/05/17 12:38:28 ossec-syscheckd: INFO: Ending syscheck scan (forwarding database).
> 2010/05/17 12:38:48 ossec-rootcheck: INFO: Starting rootcheck scan.
> 2010/05/17 12:41:08 ossec-rootcheck: INFO: Ending rootcheck scan.
> 2010/05/17 13:04:17 ossec-analysisd: Invalid integrity message in the database.
> 2010/05/17 13:06:18 ossec-analysisd: Invalid integrity message in the database.
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
> 2010/05/17 13:10:14 ossec-analysisd: Invalid integrity message in the database.
>
> If you need any other info please let me know…
>
> Thanks,
> Adi
